Personal information turned out to be "dripping" with millions of smartphone applications


byEvan Kirby

It became clear that millions of smartphone applications are "drooping" personal information such as user's name, age, annual income, telephone number, and e-mail address without encrypting it. Researchers are calling attention because information may be gathered and exploited using malware and the like.

Millions of Apps Leak Private User Data Via Leaky Ad SDKs | Threatpost | The first stop for security news
https://threatpost.com/millions-of-apps-leak-private-user-data-via-leaky-ad-sdks/131251/


This fact is handled by Mr. Romain Yunuček of Kaspersky Institute for security related informationRSA conferenceI told you.

According to Yunushek, the problem is not the application itself, it is in the source code of a third party SDK used in popular advertising network. In fact, Mr. Yunu Cheek intercepted the unencrypted JSON file sent from the advertisement publishing server and confirmed that the terminal information, user name, user's birthday, GPS information was included in it I will.

There is also a "malicious app", not only information such as user name but also information of more important information such as SMS contents, outgoing / incoming history, contact information, etc. are stolen and diverted or sold to others It is said that they are doing.

Advice from Mr. Yunushek seems to be to confirm how much privileges are required when installing the application, and to use VPN if possible.

in Mobile,   Security, Posted by logc_nt